This is a blog-post version of my Cracking UnCrackable Android Apps webinar.

There is a great online resource dedicated to mobile security: the Mobile Security Testing Guide (MSTG). I'm going to present here a solution for two Android CRACKMEs provided by it. What is a CRACKME? Think of it as an app built purposefully to be cracked.

MSTG provides several CRACKMEs with varying difficulty levels. I'm going to go over the basic ones, level 1 and level 2 (in my next blog post).

Level 1: the secret is on the Java side, debugging Java code.

Level 2: the secret is on the native side, debugging and patching native library.

The MSTG repository also contains links to other solutions of the same CRACKME challenges – I encourage you to check them out after reading this guide.

Level 1 app is a simple one screen app, with an input field and a VERIFY button. Pressing the button will compare whatever is in the input field with the secret String. The main goal of the cracking challenge is to find out the value of that secret String.

The plan is to put the app into debug mode and debug it. The debugger will allow you to see the value of the secret String, as well as circumvent the safety mechanisms employed by the app.

See what you are dealing with: install and uninstall the app

    $ANDROID_HOME/emulator/emulator -list-avds

Where the value of the environment variable $ANDROID_HOME is usually ~/Android/Sdk. If nothing comes up after running the previous command, create an emulator using avdmanager tool, or via Android Studio GUI.

Fire up the emulator:

    $ANDROID_HOME/emulator/emulator -avd &

Install the app:

    adb install UnCrackable-Level1.apk

Launching the app on the emulator will give a dialog “Root detected” and the app will exit upon closing the dialog with the dialog’s button. This is because the app has a root detection mechanism to prevent tampering and the emulator is considered to be a rooted device.

The main piece to cracking the app is to make it debuggable. Currently, the installed app is not debuggable, so uninstall the app. First, find out its package name:

    adb shell pm list packages | grep mstg

Then, uninstall it:

    adb uninstall

Make the app debuggable

An app should be debuggable if it is flagged as one in its AndroidManifest.xml file.

apk, and then re-pack it with the altered manifest file.

apk:

    apktool d -s UnCrackable-Level1.apk -o decoded

-s means do not decode resources (we don’t need them).
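Seen from the app owner's side, the debuggable flag in AndroidManifest.xml is something a build or integrity check can look for. The following is an added example, not code from the original post: it reads a decoded manifest (text XML, as apktool writes it), reports whether `android:debuggable` is set, and lists `<application>` attributes that differ from the released manifest. The function names, package name and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

def application_attrs(manifest_xml):
    """Return (package, attrs); attrs are the <application> attributes with the android: prefix restored."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if root.tag != "manifest" or app is None:
        raise ValueError("not an AndroidManifest.xml with an <application> element")
    attrs = {k.replace(ANDROID, "android:"): v for k, v in app.attrib.items()}
    return root.get("package"), attrs

def is_debuggable(manifest_xml):
    """True only when android:debuggable is explicitly 'true' (an absent attribute means false)."""
    _, attrs = application_attrs(manifest_xml)
    return attrs.get("android:debuggable", "false").strip().lower() == "true"

def manifest_drift(reference_xml, candidate_xml):
    """List (name, released value, candidate value) for every <application> attribute that differs."""
    ref_pkg, ref = application_attrs(reference_xml)
    cand_pkg, cand = application_attrs(candidate_xml)
    drift = []
    if ref_pkg != cand_pkg:
        drift.append(("package", ref_pkg, cand_pkg))
    for name in sorted(set(ref) | set(cand)):
        if ref.get(name) != cand.get(name):
            drift.append((name, ref.get(name), cand.get(name)))
    return drift

# Constructed sample manifests: the package name and attribute values are made up.
RELEASED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.crackme">
  <application android:label="Demo" android:allowBackup="true"/>
</manifest>"""
REPACKED = RELEASED.replace('android:label="Demo"', 'android:label="Demo" android:debuggable="true"')

if __name__ == "__main__":
    for name, xml in (("released", RELEASED), ("repacked", REPACKED)):
        print(name, "debuggable:", is_debuggable(xml))
    for attr, before, after in manifest_drift(RELEASED, REPACKED):
        print(f"changed {attr}: {before!r} -> {after!r}")
```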